Cisco is a long-time leader in delivering state-of-the-art firewalls for the broadest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced firewall platform that combines sophisticated hardware, cloud-based services, and machine learning to block, discover, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can help you to design and execute a smooth migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower appliances with Cisco's security services to create and centrally manage IT environments that include local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to maintain and debug older-generation Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation driven by leading best practices so you can establish a consistent and effective cybersecurity profile that applies to all your endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower NGFWs Firewalls provide a significant performance boost over Cisco's popular ASA 5500-X firewalls and offer unified management of modern cybersecurity features such as application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls, see Firepower firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX firewalls offer combined firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad range of features to meet the security and compliance requirements of companies ranging from small businesses to enterprises and Internet service providers. Cisco's ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances enable IT security teams to protect their network edge and provide secure offsite and mobile connectivity while using powerful administration mechanisms built on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX firewall appliances have arrived at end-of-life status but are still widely used in smaller businesses as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly maintained, continue to deliver a high degree of protection by providing a variety of security functions such as stateful firewall, IPsec VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure consultants can assist your organization to support and troubleshoot legacy ASA 5500 and PIX 500 firewalls and can also help you to design and implement an efficient migration to Cisco's ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, integrate, optimize, manage and debug new firewall solutions based on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an enhanced replacement for each rack-mountable unit in the older ASA 5500 series of firewalls. Each ASA 5500-X model targets the identical market as the corresponding previous models, which gives small and midsize businesses plenty of choice for picking a solution that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA security appliances, go to Cisco Firepower configuration and debugging expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or physical modules that support Firepower Services, which provide layered protection against advanced threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:
- Layered defense against familiar and zero-day threats
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, network infrastructure, apps, and content to discover threats that use simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch standard and customized IPS policies based on the severity of risk
Firepower Services for ASA firewalls offer advanced multi-layered threat protection
Smaller deployments of ASA 5500-X firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for deploying, managing, and debugging ASA 5500-X devices and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be managed with Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Additional features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that provides real-time network visualization, automated policy tuning based on risk assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering developed for the PIX 500 family Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to deliver a platform that stops the widest variety of attacks. Cisco ASA 5500 Series Firewalls deliver program security, local containment, and clean Virtual Private Network functionality throughout Cisco's product portfolio. This breadth of security allows the guarding of any network area, including the most typical threat conduits like remote sites, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable design of the ASA 5500 family allows you to add more services via service modules and security service cards (SSCs). These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection functions such as blocking virus, worms, and phishing attacks and performing file and web screening. In addition to allowing your IT staff to react quickly to new threat environments, the expandable design of the ASA 5500 family also leverages your capital investment by increasing the useful life of your security appliances. The ASA 5500 Series also leverages your investment in administrative staff education by utilizing the rich set of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls provide robust application security through intelligent, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a more secure environment including Web, voice, and 3G-mobile wireless connectivity. To defend networks against application-layer assaults and to provide stronger control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies that include anomaly sensing and state tracking. Also included are assault detection and mitigation technology including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and conserve network bandwidth for critical business processes.
For additional details about Progent's support services for ASA 5500 security appliances, see Cisco ASA 5500 firewalls configuration and debugging support.
Cisco PIX Firewall Appliances
Built upon a hardened, specialized software platform that delivers a wealth of security services, Cisco PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewall appliances provide protection for a broad array of Voice over IP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad range of current and upcoming IP voice and multimedia applications.
PIX firewall appliances feature a variety of configuration, tracking, and troubleshooting options, giving businesses the versatility to utilize the methods that most closely meet their needs. Management options include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based management platform that greatly streamlines the installation, in-place modification, and monitoring of a specific Cisco PIX firewall appliance without requiring any additional software other than an ordinary Web browser and Java applet to be running on an administrator's PC.
IT managers can furthermore remotely set up, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe command-line interface (CLI) communication is possible using several techniques including Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a set of advanced secure remote-administration options that make sure that security settings and software images are kept current.
For more information about Progent's consulting services for PIX 500 firewalls, see Cisco PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has ceased selling the PIX 500 and ASA 5500 product lines, many businesses are concerned about relying on a key infrastructure component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances offer the advantage of being current products and also bring a number of functions and economic advantages in comparison to PIX firewalls. These benefits include significantly better performance, optional SSL VPN support, and a modular architecture that protects your investment by enabling you to add new security services whenever you need them. Progent's Cisco certified experts can help your company to determine the business case for moving from PIX or Cisco ASA 5500 security appliances, design a migration process that permits a fast and non-disruptive upgrade, help your IT staff to set up new ASA 5500-x Series or Firepower Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA Series, and PIX firewalls incorporate an array of setup, monitoring, and analysis features which give you the ability to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network professionals can show you how to build an efficient infrastructure that incorporates Cisco security appliances and that provides advanced security, fault tolerance, throughput, and recoverability. Progent's CISA and CISM-certified information security engineers can assist you to develop a security policy that makes sense for your business and can set up your firewall to support your security policies. Progent's security assessment engineers can assess the strength of your current firewall deployment and audit the overall security of your whole IT network. Progent's Help Desk Call Center can deliver emergency remote troubleshooting for Cisco products and can give you quick access to a Cisco CCIE network engineer.
For additional details concerning Progent's engineering help for Cisco products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical assistance for Cisco networking, call 1-800-993-9400 or see Contact Progent.